[PART 1]
In the hope not only to get some help, but to help others in the same situation, I'm trying to give an accurate report of what happened today.
After one last update of Avast's virus data file, and one last scan which reported nothing, I installed (from CD) the latest version of Firefox compatible with Windows 98 (V2.0.0.20). I ran it just to get the last updates from Mozilla, and to verify whether the "Wikipedia thing" continued to happened: it was gone, Wikipedia opened perfectly.
[
from now on I would use a "should-be" English translation of Firefox functions and buttons, since I have the Italian version of Firefox and I'm not 100% sure of the word they used in the English version]
I opened the Options menu in Firefox, set the Popup stop, but when I opened the list of "Exceptions" (allowed sites) for the poopup blocker, I had two bad surprises: 1) the "Exceptions" list was absurdly slow in opening (about 20 seconds, on my PC it's instantaneous), and 2) despite it was Firefox's first run, the list of popup "Exceptions" was ALREADY FILLED IN with HUNDREDS of sites like XXX, porn, gambling etc...
I clicked the "Remove All" button, saved the changes, closed and restarted Firefox and... the "Exceptions" list was NOT totally empty.
There was ONE entry in the list, "
hausaufgaben". I deleted that only entry, saved the changes, reopened the Exceptions list (either restarting or not Firefox, it was just the same) and that "
hausaufgaben" entry had been recreated...
Both Avast and Spybot gave a "nothing found" outcome...
At this point, I ran
REGEDIT and exported the Register, and I found something which, not my knowledge but my nose, definitely says should NOT be there: but I can's say whether it's related or not to the "hausaufgaben" entry being continuously recreated.
I cannot post the whole exported Register as it's huge. If it can be of any usefulness, I can ZIP and send it privately.
This is the BEGINNING of the first of the two sections of the Register containing the AD/XXX entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
"Trusted"="1"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com\www]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com\install]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com\www.install]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com\the]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com\www.the]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com\www]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com\www]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com\www]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com\80gw6ry3i3x3qbrkwhxhw]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com\www]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com\mir]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com\woool]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com]
"*"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com\www]
"*"=dword:00000004
.
.
.
.
...etc etc...
I would know what does the first key value mean:
"Trusted"="1"It implies that all the following sites are TRUSTED?...